Cyber Threat Hunter
Listed on 2026-06-19
Job Overview
Advance your career while impacting national security in cyber as an Information Security Analyst Senior. The Cyber Threat Hunter is responsible for proactively identifying, analyzing, and mitigating advanced cyber threats targeting enterprise, on‑prem, cloud, and mission systems. The role supports defensive cyber operations across on‑premises, hybrid, and cloud environments.
Responsibilities
- Conduct proactive and reactive threat hunts across enterprise networks, endpoints, servers, and cloud environments.
- Develop and execute hypothesis‑based hunts using known adversary tactics, techniques, and procedures (TTPs).
- Identify stealthy, persistent, or anomalous activity missed by automated detections and pivot across multiple data sources to validate suspicious indicators.
- Leverage internal and external cyber threat intelligence (CTI) feeds to enrich hunting operations; translate intelligence reports into hunt hypotheses and detections.
- Analyze nation‑state, criminal, and insider threat activity and map adversary behavior to the MITRE ATT&CK framework.
- Utilize Splunk ES or Elastic SIEM for advanced correlation searches, dashboards, and threat investigations; correlate logs from firewalls, EDR, DNS, authentication, proxy, cloud, and network sources.
- Tune detections to reduce false positives and improve fidelity across all SIEM platforms.
- Perform hunts within cloud environments such as Amazon Web Services, Microsoft Azure, and Google Cloud, analyzing control‑plane logs, IAM activity, API abuse, storage misuse, and lateral movement.
- Develop scripts and automations to accelerate hunting and investigations; build repeatable hunt playbooks and workflows; integrate tools using APIs, SOAR, or custom automation.
- Automate enrichment of indicators and triage processes to support continuous monitoring.
- Provide advanced analytical support to Incident Response teams, validate indicators of compromise, and support containment and eradication during active incidents.
- 4+ years of cybersecurity experience, including at least 2 years in threat hunting, SOC, Incident Response, or CTI.
- Security clearance: Top Secret/SCI required.
- U.S. citizenship required.
- Strong experience with Splunk ES, Elastic SIEM, SOAR, or comparable platforms.
- Proficient in the CTI lifecycle and intelligence‑driven defense.
- Experienced in creating hunt hypotheses and conducting structured hunts.
- Deep understanding of Windows, Linux, Active Directory, networking, and DNS.
- Knowledge of tools such as Trellix ESS, Splunk ES, Splunk SOAR, MAR/HX, NSM, Varonis, IDS, Stealthwatch, Cylance, and Forescout.
- Familiarity with malware behavior and attacker tradecraft.
- Experience with cloud technologies (AWS, Azure, GCP).
- Able to write or understand code in Python, PowerShell, Bash, SQL, Kusto Query Language, JSON/YAML, and regex parsing.
- DoD 8570/8140 compliant certification preferred (CompTIA Security+, CySA+, CASP+, GIAC such as GCIH, GCFA, etc.).
Likely salary range: $97,750 – $132,250 (subject to experience, location, and contractual terms).
Benefits Overview
Medical, dental, and vision plans (including Health Savings Accounts); 401(k) with company match; paid time off, holidays, parental leave, military and jury duty leave; short‑ and long‑term disability, life, accidental death and dismemberment, business travel insurance; flexible work weeks where possible.
Equal Opportunity Employer
GDIT is an equal opportunity employer. Individuals with disabilities, protected veterans, and members of other protected classes are encouraged to apply.